DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

LinkedIn Release important message for all users

Posted on June 10, 2012 by Lee J

This week has been huge for security researches and LinkedIn. 6.5 million password hashs got leaked and within hours they had pretty much been cracked by a hard working group of hackers/researchs. Since then there has been many articles and reports about this attack and now linkedIn has finally made a new blog post to answer some of the questions that are being asked. They also state they are working with the fbi closely to catch the people behind the leaked data, will this ever happen? we doubt it. from the linkedIn blog.

An Update On Taking Steps To Protect Our Members

Vicente Silveira, June 9, 2012

By now, many of you have read recent headlines reporting that 6.5 million LinkedIn hashed passwords were stolen and published on an unauthorized website. We take this criminal activity very seriously so we are working closely with the FBI as they aggressively pursue the perpetrators of this crime. As you may have heard, there have been reports of other websites that have suffered similar thefts. We want to be as transparent as possible while at the same time preserving the security of our members without jeopardizing the ongoing investigation. In this post, we want to address questions we’ve been receiving and share what we’ve learned so far about the incident, how we’ve responded, and what we’re doing to protect our members going forward. First, it’s important to know that compromised passwords were not published with corresponding email logins. At the time they were initially published, the vast majority of those passwords remained hashed, i.e. encoded, but unfortunately a subset of the passwords was decoded. Again, we are not aware of any member information being published at any time in connection with the list of stolen passwords. The only information published was the passwords themselves. Here are the most common questions we are being asked by our members: 1. Am I at risk of having my account breached? Thus far, we have no reports of member accounts being breached as a result of the stolen passwords. Based on our investigation, all member passwords that we believe to be at risk have been disabled. 2. News of the theft broke on Wednesday. Why didn’t I immediately receive notification that my password was disabled? As soon as we learned of the theft, we launched an investigation to confirm that the passwords were LinkedIn member passwords. Once confirmed, we immediately began to address the risk to our members, prioritized as follows: Based on our investigation, those members whom we believed were at risk, and whose decoded passwords already had been published, had their passwords quickly disabled and were sent an email by the Customer Service team. By the end of Thursday, all passwords on the published list that we believed created risk for our members, based on our investigation, had been disabled. This is true, regardless of whether or not the passwords were decoded. After we disabled the passwords, we contacted members with instructions on how to reset their passwords. 3. What is LinkedIn doing to protect its members? We have built a world-class security team here at LinkedIn including experts such asGanesh Krishnan, formerly vice president and chief information security officer at Yahoo!, who joined us in 2010. This team reports directly to LinkedIn’s senior vice president of operations, David Henke. Under this team’s leadership, one of our major initiatives was the transition from a password database system that hashed passwords, i.e. provided one layer of encoding, to a system that both hashed and salted the passwords, i.e. provided an extra layer of protection that is a widely recognized best practice within the industry. That transition was completed prior to news of the password theft breaking on Wednesday. We continue to execute on our security roadmap, and we’ll be releasing additional enhancements to better protect our members. 4. My password has not been disabled, what should I do now? If your password has not been disabled, based on our investigation, we do not believe your account is at risk. However, it is good practice to change your passwords on any website you log into every few months. For that reason, we have provided information to all of our members via theLinkedIn Blog, as well as a banner on our homepage instructing members on how to change their passwords. Once again, we truly apologize for any inconvenience this has caused you, our members.

Category: Breach Incidents

Post navigation

← UGNAZI Team joined forces with Anonymous hacktivist
110,000 Personal details obtained, Clarksville Servers hacked by .c0mrade →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC
  • CISA Alert: Updated Guidance on Play Ransomware

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.